package cn.lwx.javaweb.utils;

import java.sql.*;

import cn.lwx.javaweb.bean.StudentInfo;
import cn.lwx.javaweb.bean.User;

/**
 * 用户工具类：判断用户密码是否正确
 *
 * @author lwx
 * @date 2021-05-08
 */
public class UserUtils {

    // 构造方法私有化，防止new对象
    private UserUtils() {
    }

    // 判断用户是否有效
    public static boolean isValid(User user) {

        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        boolean flag = false;
        try {
            conn = JDBCUtils.getConnection();
            // 利用逻辑屏蔽SQL注入
            stmt = conn.createStatement();

            String sql = "select * from t_user where username='" + user.getUsername() + "'";

            rs = stmt.executeQuery(sql);

            // 结果集有数据，与密码进行匹配
            if (rs.next()) {
                // 用户名正确
                String password = rs.getString("password");
                //System.out.println("数据库中的密码：" + password);
                if (password.equals(user.getPassword())) {
                    flag = true;
                    System.out.println("用户有效");
                } else {
                    System.out.println("密码错误");
                }
            } else {
                System.out.println("用户名不存在！");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCUtils.close(rs, stmt, conn);
        }
        return flag;
    }

    // 注册
    public static int insert(User user) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        int n = 0;

        try {
            conn = JDBCUtils.getConnection();
            String sql = "insert into t_user(id,username,password,role) values(?,?,?,?)";
            ps = conn.prepareStatement(sql);
            ps.setString(1, null);
            ps.setString(2, user.getUsername());
            ps.setString(3, user.getPassword());
            ps.setString(4, "管理员");
            n = ps.executeUpdate();

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            //6.资源释放——完成后关闭
            JDBCUtils.close(rs, ps, conn);
        }
        return n;
    }

    // 根据id查询用户信息
    public static User queryById(String id) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        User user = null;

        try {
            conn = JDBCUtils.getConnection();

            String sql = "SELECT id,username,password,role FROM t_user where id = ?";

            ps = conn.prepareStatement(sql);

            ps.setString(1,id);

            rs = ps.executeQuery();

            // 这个结果集当中只有一条数据，不需要while循环
            if (rs.next()) {
                int uid = rs.getInt(1);
                String username = rs.getString(2);
                String password = rs.getString(3);
                String role = rs.getString(4);
                user = new User(uid, username, password,role);
            }

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            //6.资源释放——完成后关闭
            JDBCUtils.close(rs, ps, conn);
        }
        return user;
    }


    //修改密码
    public static int update(String password, String username) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        int n = 0;
        try {
            conn = JDBCUtils.getConnection();

            String sql = "update t_user set password = ? where username = ?";
            ps = conn.prepareStatement(sql);
            ps.setString(1,password);
            ps.setString(2,username);

            n = ps.executeUpdate();

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            //6.资源释放——完成后关闭
            JDBCUtils.close(rs, ps, conn);
        }
        return n;
    }
}
